CLAIMS 



1. A method for securing network-connected resources, 
the method comprising: 

5 at a first network-connected node, receiving an electronically 

formatted job; 

receiving CK, a symmetrical encryption key (K) encrypted 
using an asymmetrical encryption public key (pubK); 

receiving CH, a hash (H) of the job, further encrypted using 

10 K; 

decrypting CK using an asymmetrical encryption private key 
(privK), corresponding to pubK, to recover K; 

hashing the job, generating H'; 

using K to validate CH; 
15 in response to validating CH, decrypting an encrypted 

resource using K; and, 

using the decrypted resource to process the job. 

2. The method of claim 1 wherein using K to validate CH 

20 includes: 

encrypting H' using K, obtaining CH'; and, 
matching CH to CH\ 

3. The method of claim 1 wherein using K to validate CH 

25 includes: 

decrypting CH using K, generating H; and, 
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comparing H to H\ 

4. The method of claim 1 further comprising: 
prior to receiving the job, CK, and CH, receiving the 

5 encrypted resource; and, 

storing the encrypted resource. 

5. The method of claim 4 further comprising: 
installing pubK,privK upon initialization. 

10 

6. The method of claim 1 wherein receiving an 
electronically formatted job includes receiving a print job in a format 
selected from the group including text and image formats. 

15 7. The method of claim 4 wherein storing the encrypted 

resource includes storing an encrypted font resource; and, 

wherein using the decrypted resource to process the job 
includes printing a print job using the decrypted fonts. 

20 8. The method of claim 7 wherein storing the encrypted 

font resource includes storing resources selected from the group including 
a logo, personal signature image, and glyph. 

9. The method of claim 4 wherein receiving the encrypted 
25 resource includes receiving the encrypted resource in a format selected 
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from the group including hypertext transport protocol (http) and file 
transport protocol (FTP). 

10. The method of claim 1 further comprising: 

5 at a second network-connected node, generating the job; 

encrypting K with pubK, generating CK; 
hashing the job, generating H; 
encrypting H using K, generating CH; and, 
sending the job, CK, and CH to the first node for job 

10 processing. 

11. The method of claim 1 further comprising: 
receiving a selection command for a particular one of a 

plurality of encrypted resources; and, 
15 wherein decrypting an encrypted resource using K, in 

response to a valid match, includes decrypting the selected resource. 

12. The method of claim 11 wherein receiving a selection 
command for a particular one of a plurality of encrypted resources 

20 includes receiving CKi, where 1 < i < m; and, 

wherein decrypting the selected resource in response to the 
encrypted resource selection command includes decrypting CKi to recover 
one of symmetrical encryption keys Ki through Km, where Ki through Km 
correspond to encrypted resources CRi through CRm. 

25 
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13. The method of claim 1 wherein receiving an 
electronically formatted job includes receiving the job at network- 
connected node Ni, where 1< i <n\ 

wherein receiving CK includes Ni receiving CKi, where CKi is 
5 generated by encrypting K using corresponding asymmetrical encryption 
public key pubKi; and, 

wherein decrypting CK includes Ni decrypting CKi using 
corresponding asymmetrical encryption private key privKi, to recover K. 

10 14. The method of claim 1 wherein receiving an 

electronically formatted job includes receiving the job at network- 
connected node Ni, where 1< i <n; 

wherein receiving CK includes Ni receiving CKi, 
corresponding to symmetrical encryption key Ki, encrypted using pubKi; 

15 wherein receiving CH includes Ni receiving CHi, a hash of 

the job encrypted using corresponding symmetrical encryption key Ki; 
and, 

wherein decrypting CK includes Ni decrypting CKi using 
asymmetrical encryption private key privKi, to recover corresponding 
20 symmetrical encryption key Ki. 

15. The method of claim 14 wherein using K to validate 

CH includes: 

Ni encrypting H' using symmetrical encryption key Ki, 
25 obtaining CHi'; 

Ni matching CHi to corresponding CHi'; and, 
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wherein decrypting an encrypted resource using K includes 
Nt decrypting the encrypted resource using symmetrical encryption key 

Ki. 

• 1 

16. The method of claim 14 wherein using K to validate 

CH includes: 

Ni decrypting CH; using symmetrical encryption key Ki, f 

i 

m 

obtaining H; 

Ni comparing H to H'; and, 

wherein decrypting an encrypted resource using K includes 
Nt decrypting the encrypted resource using symmetrical encryption key 

Ki. 

17. A method for accessing network-connected processing 
15 resources, the method comprising: 

at a second node, generating an electronically formatted job; 

encrypting a symmetrical encryption key K with an 
asymmetrical encryption key (pubK), generating CK; 

hashing the job generating H; 
20 encrypting H using K, generating CH; 

sending the job, CK, and CH to a first network-connected 
node; and, ■■ 

processing the job at the first node using a K encrypted 

resource. 

25 
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18. A system for using secure network-connected 
resources, the system comprising: 

a first device including: 

a network-connected port for receiving an 
electronically formatted job, for receiving CK, a symmetrical 
encryption key (K) encrypted using an asymmetrical encryption 
public key (pubK), and for receiving CH, a hash (H) of the job, 
further encrypted using K; 

a hash unit having an interface to accept the job 
and to supply a hash of the job (If); 

a memory having an interface to supply an 
asymmetrical encryption private key (privK), corresponding to 
pubK, and an encrypted resource; 

a security unit having an interface to authorize 
access to the encrypted resource in memory, in response to 
validating CH; and, 

a processing unit having an interface to accept 
the job and a decrypted resource, and to supply a job processed 
using the decrypted resource. 

19. The system of claim 18 further comprising: 

a decrypting unit having an interface to accept 
CK and privK, to generate K in response to decrypting CK using 
privK, to decrypt the encrypted resource from memory using K, and 
supply the decrypted resource; 
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an encryption unit having an interface to accept 
H' and K, and supply CH' in response to using K to encrypt H'; and, 

wherein the security unit accepts CH and CH 5 
and validates CH by matching CH to CH'. 

5 

20. The system of claim 18 further comprising: 

a decrypting unit having an interface to accept 
CH, CK, and privK, to generate K in response to decrypting CK 
using privK, to supply H in response to decrypting CH using K, and 
10 supply the decrypted resource; and, 

wherein the security unit accepts H and H' and 
validates CH by matching H to H\ 

21. The system of claim 18 wherein the network-connected 
15 port receives the encrypted resource for storage in the memory. 

22. The system of claim 18 wherein the memory is a read 
only memory (ROM) for accepting and storing privK upon device 
initialization. 

20 

23. The system of claim 18 wherein the first device is a 

printer; and, 

wherein the network-connected port receives a print job in a 
format selected from the group including text and image formats. 

25 
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24. The system of claim 23 wherein the memory stores 
encrypted font resources; and, 

wherein the processing unit is a print engine that supplies a 
job printed using the decrypted fonts. 

25. The system of claim 24 wherein the memory stores 
encrypted font resources selected from the group including a logo, 
personal signature image, and glyph. 

26. The system of claim 21 wherein the network-connected 
port receives an encrypted resource for storage in a format selected from 
the group including hypertext transport protocol (http) and file transport 
protocol (FTP). 

27. The system of claim 18 further comprising: 
a second device including: 

a processor to supply a job; 

a hash unit having an interface to accept the job 
and to supply a hash of the job (H); 

an encryption unit having an interface to accept 
H, to supply CK, the encryption of symmetrical encryption key K 
using pubK, and CH, the encryption of H using K; and, 

a network-connected port for transmitting the 
job, CK, and CH to the first device for job processing. 
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28. The system of claim 18 wherein the first device 
network-connected port receives a encrypted resource selection command; 
and, 

wherein the decryption unit decrypts the selected resource. 

29. The system of claim 28 wherein the decryption unit 
decrypts CKi, where 1 < i < ra, to recover one of symmetrical encryption 
keys Ki through Km, where Ki through Km correspond to encrypted 
resources CRi through CRm. 

30. The system of claim 18 further comprising: 

a plurality of devices Ni, where 1< i <n, each receiving the 
electronically formatted job at a network-connected port, along with CKi, 
where CKi is generated by encrypting K using corresponding 
asymmetrical encryption public key pubKi; and, 

wherein each device decryption unit decrypts CKi using 
corresponding asymmetrical encryption private key privKi, to recover K. 

31. The method of claim 18 further comprising: 

a plurality of devices Ni, where 1< i <n, each receiving the 
electronically formatted job at a network-connected port, along with CKi, 
where CKi is generated by encrypting Ki using corresponding 
asymmetrical encryption public key pubKi, and CHi, a hash of the job 
encrypted using corresponding symmetrical encryption key Ki; and, 

wherein each device includes a decryption unit for decrypting 
CKi using asymmetrical encryption private key privKi, to recover 
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corresponding symmetrical encryption key Ki, for the decryption of the 
encrypted resource. 

32. The system of claim 31 wherein each device encryption 
unit encrypts FT using symmetrical encryption key Ki, obtaining CH;'; 
and, 

wherein each device security unit validates CH by matching 
CH; to corresponding CH;'. 



33. The system of claim 31 wherein each device decryption 
unit decrypts CH; using symmetrical encryption key K;, obtaining H; and, 
wherein each device security unit validates CH by matching 

H to H\ 



34. A system for accessing network-connected processing 
resources, the system comprising: 

a second device including: 

a processor to supply a job; 

a hash unit having an interface to accept the job 
and to supply a hash of the job (H); 

an encryption unit having an interface to accept 
H, to supply CK, the encryption of symmetrical encryption key K 
using pubK, and CH, the encryption of H using K; and, 

a network-connected port for transmitting the 
job, CK, and CH to a first device for job processing. 
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